Dear Roy and IETF-ers: A quick reaction to this document:
Good contribution: at last there is a documented proposition for the view that DNSSEC root signature is strictly a technical management issue.
This document uses a two-tiered organization for root key management, respectively handling the KSK private keys and ZSK private keys for signature operations. Such a two-tiered organization is deemed to be present in the final solution.
Maybe a difficulty lies in the selection of RZM as one of the two tiers. The document author(s) should check if a current project at IANA is indeed to integrate the RZM function in IANA operations. In view of the possible merger of IANA and the RZM function, the document author(s) should state what minimal conditions, in terms of institutional independence, they expect between the two tiers of control over the DNSSEC root keys.
Regards, -- - Thierry Moreau CONNOTECH Experts-conseils inc. 9130 Place de Montgolfier Montreal, Qc Canada H2M 2A1 Tel.: (514)385-5691 Fax: (514)385-5900 web site: http://www.connotech.com e-mail: [EMAIL PROTECTED] _______________________________________________ Ietf mailing list [email protected] https://www1.ietf.org/mailman/listinfo/ietf
